Sarbanes-Oxley - How is it Affecting You?

Grant Barrett asks: "All I hear from IT directors is Sarbanes-Oxley, Sarbanes-Oxley, Sarbanes-Oxley. SOX, as they're calling it, is taxing manpower, swallowing time, and adding huge administrative headaches--not to mention incurring fees and salaries paid out to staff or third-party firms hired to ensure compliance--and that's just the IT department. How are you dealing? Did you make your compliance deadline even after the extension? Are you joining the the backlash?"

World's smallest violin

[Profane+MuthaFucka]

OK, so the collapse of mega-corporations like Enron and Worldcom in accounting scandals cost the people of the country, particular investors, billions of dollars. Enron also defrauded California of billions of dollars.

MORE billions, in fact, than what the attacks on the World Trade Center cost us.

And now, they are saying that the burden of complying with a law that will help to prevent future abuses is too high? Boo Hoo.

I don't think it's too much to ask companies to prove they aren't ripping us off.

Re:World's smallest violin

[josecanuc]

Where is your proof that this new law will prevent future accounting mis-practice?

Just to note: Laws don't prevent anything from happening, they just provide legal footing for a response/recovery. Murder is illegal, but that doesn't stop people from murdering. It is, in some way, a deterrent to rational people who may contemplate murder.

In the same way, this law provides a framework for prosecution abilities. We will hope that the threat of being held responsible for a hurtful act will act as a deterrent to rational people contemplating such acts...

Re:World's smallest violin

[jbolden]

I don't have a clue what you mean by complex I don't see anything complex about high ranking executives committing fraud. It a simple scam, no different than shipping empty boxes and having your own trucks hijacked (which was a business technique in the 20s and 30s). These guys got paid for generating profits, they deliberately overstated the profits their company's made.

As for your idea, transaction data is worthless to investors. That's data not information.

The purpose of the act is to create a paper trail so that when senior executives commit fraud it will be easier to prove. We used to have a culture of law enforcement where fraud at high levels was simply impossible because low level people involved in fraud knew that while they wouldn't be rewarded there was a high likelihood they would go to jail. We don't have that anymore and recreating it would require broad societal changes. The hope is that this is successful in reducing fraud, not prevent all of it just some of it. I think Congress would have been very open to all sorts of techniques to reduce criminal executive behavior, during the hearings what they kept finding was that senior had plausible deniability about misrepresenting their financial status. I think it is safe to say this act will make it much harder for these executives to have this sort of deniability. It may force them to engage in more explicit criminal behavior (which is easier to prosecute) or maybe just not commit the crimes at all (which is good for everyone) no way to know in advance. Or maybe it isn't nearly enough and accounting in public companies needs to be nationalized. I don't know we will have to find out.

Finally, generally in a private company the high executives and the owners are the same people. So high executives would just be stealing from themselves in this case and thus its not nearly as much a matter of public interest.

Re:World's smallest violin

[aaarrrgggh]

How much does compliance cost?

Well, the audit trail for a $1 transaction can easily cost $0.20. ($0.12 is a best-case number that the credit card companies used to use.) Small component costs can kill your margin quite quickly!

Much of what is required by the act is "good." However, the end-run for many businesses will be to force them to offshore (audit) work in an effort to drive down that extra overhead by 50-60% and make themselves remain competitive.

It's a boon to my business... as long as we aren't publicly traded! It adds work and helps us provide lower cost solutions than our listed competitors.

One the best laws in a long time

[jbolden]

There have been few laws passed in the last 3 decades which are designed to help people (investors are often mutual funds and pension funds) at the expense of executive management. Executives for far too long have been able to lie and then claim they didn't know they were lying. Because the SEC doesn't go after white collar crime they way they go after some 16 year old who rips off a 7/11 these guys never go to jail. By creating a paper trail hopefully more executives who commit fraud will go to jail and there will be some decrease in the amount of fraud in US business.

If that's costs money I'm all for seeing the money spent.

Re:One the best laws in a long time

[wolf31o2]

I really have to agree with you. There should be a paper trail on this sort of thing. If that is "taxing manpower" then I have to ask you, what the hell were you actually doing before?

I would love to see these white-collar criminals treating like the self-serving scum that they really are. Maybe we need to see a few of them get the business end of a night stick. Maybe we need to see them paraded out of their homes, which are promptly seized by the police, and into the back of squad cars with their crying, spoiled little wives screaming as they are taken away. I really cannot stand to see this sort of corruption go unpunished. These men and women are criminals, just like anyone who steals money via any other means. Why do we insist on treating them like they're VIP's?

Re:One the best laws in a long time

[Fig,+formerly+A.C.]

The part you're missing is that this isn't hurting the average exec, it's hurting the stockholders. The extra fees are eating into profit, so everyone's 401k plan is going to start sliding... This BS legislation doesn very little except keep a LOT of auditors employed at the expense of the people the law was meant to protect.

Why reward the guilty?

The consultants that these businesses hire are responsible for the problem as much as the businesses themselves. The accountants and independent auditors are in the business of selling hours just like any other consultant.

The new laws were crafted to solve a real problem, but only end up costing the businesses more money. Why should the same consultants that caused the problem be rewarded by a law that requires more paperwork and more billable hours for those who caused the problem in the first place?

Congress should have passed a law that rewards companies for having simplified accounting systems. Simpler accounting rules would be much easier for shareholders to understand. Similarly, those companies would be much easier and cheaper to audit. That type of law would reward well behaved companies and punish the accounting consulting firms by making their services less profitable.

more laws != better laws

[why-is-it]

And now, they are saying that the burden of complying with a law that will help to prevent future abuses is too high? Boo Hoo.

I don't think it's too much to ask companies to prove they aren't ripping us off.

I'm pretty sure that it was already against the law for executives to loot a company and steal from the shareholders, even before Sarbox was passed.

I am center-left on political, social and economic issues, and even I fail to see how another law will prevent future corporate scandals, when there are plenty of laws on the books that already regulate corporate behaviour.

The problems at Worldcom and Enron (et.al.) happened because existing laws were not enforced, and nobody complained as long as the stock prices were increasing. It was only at the very end when the house-of-cards collapsed that everyone cried foul.

Unfortunately, there would be no glory in enforcing the existing laws. Can you imagine the howls of outrage if the legal system took down Enron or Worldcom at the height of the bubble? The neo-cons would have had a field day complaining about undue government interference in the economy...

I'm not sure whether Sarbox would deter a dishonest CEO from stealing the company blind if he/she thought that they stood a reasonable chance of getting away with it. Even if you get caught, the consequences don't seem to bad. It's not like Bernie Ebbers or Ken Lay are living in cardboard boxes underneath the freeway...

Re:What is Sarbanes-Oxley?

[gstoddart]

No kidding. Another thing that would have been useful would have been had he pointed out what the fuck this has to do with IT.

Easy -- E-Mail communications related to the operation of a business which is subject to SEC oversight (publically traded) is now considered a vital piece of corporate history which must be preserved.

From this thread you can get the gist of it.

Violated Section 17(a) of the Securities Exchange Act of 1934, Rule 17a-4 under the Exchange Act, NYSE Rule 440 and NASD Rule 3110 by failing to preserve for a period of three years, and/or preserve in an accessible place for two years, electronic communications relating to the business of the firm, including interoffice memoranda and communications.

That includes e-mail correspondence.

Which means if a publically traded company gets hauled into court by the SEC and have NOT successfully kept every single e-mail related to corporate-governnance, the executives can go to jail.

This means that for large companies, IT is expected to be able to retain, find, and present their e-mail records in a court of law for several years.

There are huge IT ramifications involved here.

For more, read this piece which does a pretty job of describing the impacts (and creepy aspects of SOX). (OK, he's actually talking about a different aspect, but the first few paragraphs cover the topic.)

Your ignorance of SOX doesn't negate that this is very much an IT issue.

Cheers